DoD Instruction 8500.2 - Common Access Card (CAC)

More documents

Recommendations

Info

DODI 8500.2, February 6, 2003 5.7.1.3. Assign mission assurance categories to DoD Component-specific DoD information systems according to the guidelines provided in enclosure 4 of this Instruction. 5.7.2. Ensure that IA requirements are addressed and visible in all investment portfolios and investment programs incorporating DoD information systems. 5.7.3. Ensure that ISSE is employed in the acquisition of all automated information system (AIS) applications under their responsibility. 5.7.4. Ensure DoD information systems acquire and employ IA solutions in accordance with enclosures 3 and 4 of this Instruction. 5.7.5. Appoint DAAs according to DoD Directive 8500.1 (reference (a)) and ensure they accredit each DoD information system according to the DoD Instruction 5200.40 (reference (n)). 5.7.6. Share research and technology, techniques, and lessons learned relating to IA with other DoD Components and the DIAP office. 5.7.7. Ensure that IA awareness, training, education, and professionalization are provided to all military and civilian personnel, including contractors, commensurate with their respective responsibilities for developing, using, operating, administering, maintaining, and retiring DoD information systems in accordance with Deputy Secretary of Defense guidance (references (o) and (p)). 5.7.8. Provide for an IA monitoring and testing capability according to DoD Directive 4640.6 (reference (q)) and applicable laws and regulations. 5.7.9. Provide for vulnerability mitigation and an incident response and reporting capability to: 5.7.9.1. Comply with DoD-directed mitigations in vulnerability alerts and provide support to computer network defense, as directed in DoD Instruction O-8530.2 (reference (h)). incident. 5.7.9.2. Limit damage and restore effective service following a computer 6
DODI 8500.2, February 6, 2003 5.7.9.3. Collect and retain audit data to support technical analysis relating to misuse, penetration reconstruction, or other investigations, and provide this data to appropriate law enforcement or other investigating agencies. 5.7.10. Ensure that contracts include requirements to protect DoD sensitive information, and that the contracts are monitored for compliance. 5.7.11. Ensure that access to all DoD information systems and to specified types of information (e.g., intelligence, proprietary) under their purview is granted only on a need-to-know basis according to DoD Directive 8500.1 (reference (a)), and that all personnel having access are appropriately cleared or qualified under the provisions of DoD 5200.2-R (reference (r)). 5.7.12. Ensure that Public Key Infrastructure (PKI) implementation within DoD Component-owned or -controlled DoD information systems complies with guidance, as established. 5.7.13. Ensure implementation of the DoD ports and protocols management process according to guidance, as established. 5.7.14. Ensure that all biometrics technology intended for integration into DoD information and weapon systems is coordinated with the DoD Biometrics Management Office and acquired according to DoD policy and procedures, as established. 5.7.15. Ensure that appropriate notice of privacy rights and security responsibilities are provided to all individuals accessing DoD Component-owned or -controlled DoD information systems. 5.7.16. Ensure that DoD Component-owned or -controlled DoD information systems are assessed for IA vulnerabilities on a regular basis, and that appropriate IA solutions to eliminate or otherwise mitigate identified vulnerabilities are implemented. 5.7.17. Designate individuals authorized to receive code-signing certificates and ensure that such designations are kept to a minimum consistent with operational requirements. 5.7.18. Ensure that IA solutions do not unnecessarily restrict the use of assistive technology by individuals with disabilities or access to or use of information and data by individuals with disabilities in accordance with sections 501, 504, and 508 of the Rehabilitation Act of 1973 (29 U.S.C. 791, 794, and 794d) (reference (s)). 7
Page 1 and 2: Department of Defense INSTRUCTION N
Page 3 and 4: DODI 8500.2, February 6, 2003 5.1.3
Page 5: DODI 8500.2, February 6, 2003 5.6.
Page 9 and 10: DODI 8500.2, February 6, 2003 5.9.5
Page 11 and 12: DODI 8500.2, February 6, 2003 5.12.
Page 13 and 14: DODI 8500.2, February 6, 2003 E1. E
Page 15 and 16: DODI 8500.2, February 6, 2003 E2. E
Page 17 and 18: DODI 8500.2, February 6, 2003 are t
Page 19 and 20: DODI 8500.2, February 6, 2003 proce
Page 21 and 22: DODI 8500.2, February 6, 2003 E2.1.
Page 23 and 24: DODI 8500.2, February 6, 2003 enabl
Page 27 and 28: DODI 8500.2, February 6, 2003 E2.A1
Page 29 and 30: DODI 8500.2, February 6, 2003 NSTIS
Page 37 and 38: DODI 8500.2, February 6, 2003 unifo
Page 45 and 46: DODI 8500.2, February 6, 2003 Table
Page 47 and 48: DODI 8500.2, February 6, 2003 Inves
Page 49 and 50: DODI 8500.2, February 6, 2003 Table
Page 53 and 54: DODI 8500.2, February 6, 2003 E4.T4
Page 55 and 56: DODI 8500.2, February 6, 2003 Subje
Page 57 and 58:
DODI 8500.2, February 6, 2003 Subje
Page 59 and 60:
Page 61 and 62:
Page 63 and 64:
Page 65 and 66:
DODI 8500.2, February 6, 2003 E4.A2
Page 67 and 68:
Page 69 and 70:
Page 71 and 72:
Page 73 and 74:
Page 75 and 76:
Page 77 and 78:
Page 79 and 80:
Page 81 and 82:
Page 83 and 84:
Page 85 and 86:
Page 87 and 88:
Page 89 and 90:
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
show all

DoD Instruction 8500.2 - Common Access Card (CAC)

Create successful ePaper yourself

Delete template?

Save as template?